diff --git a/Streetwriters.Identity/Extensions/UserManagerExtensions.cs b/Streetwriters.Identity/Extensions/UserManagerExtensions.cs
new file mode 100644
index 0000000..1d215ba
--- /dev/null
+++ b/Streetwriters.Identity/Extensions/UserManagerExtensions.cs
@@ -0,0 +1,33 @@
+/*
+This file is part of the Notesnook Sync Server project (https://notesnook.com/)
+
+Copyright (C) 2022 Streetwriters (Private) Limited
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the Affero GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+Affero GNU General Public License for more details.
+
+You should have received a copy of the Affero GNU General Public License
+along with this program. If not, see .
+*/
+
+using System.Threading.Tasks;
+using Streetwriters.Common.Models;
+
+namespace Microsoft.AspNetCore.Identity
+{
+ public static class UserManagerExtensions
+ {
+ public static async Task FindRegisteredUserAsync(this UserManager userManager, string email, string clientId)
+ {
+ var user = await userManager.FindByEmailAsync(email);
+ return user != null && await userManager.IsInRoleAsync(user, clientId) ? user : null;
+ }
+ }
+}
\ No newline at end of file
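Review bot: FindRegisteredUserAsync has no doc comment, and its contract is not obvious from the signature. It uses the OAuth client id as a role name, and it returns null both when no account has the email and when the account exists but is not in that role. I would add an XML summary that says so, for example `/// <summary>Returns the user with this email only if it is in the role named after clientId; otherwise null.</summary>`. Callers that treat null as "no such account" and go on to create one need to know about the second case.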
diff --git a/Streetwriters.Identity/Validation/EmailGrantValidator.cs b/Streetwriters.Identity/Validation/EmailGrantValidator.cs
index c11160e..dc86a8f 100644
--- a/Streetwriters.Identity/Validation/EmailGrantValidator.cs
+++ b/Streetwriters.Identity/Validation/EmailGrantValidator.cs
@@ -63,7 +63,8 @@ namespace Streetwriters.Identity.Validation
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var email = context.Request.Raw["email"];
- var user = await UserManager.FindByEmailAsync(email);
+ var clientId = context.Request.ClientId;
+ var user = await UserManager.FindRegisteredUserAsync(email, clientId);
if (user == null)
{
user = new User
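Review bot: After this change the `user == null` check no longer means "no account with this email". It is also true when the account exists but is not in the role for `clientId`, and that case now falls into the `new User` branch. The rest of ValidateAsync is outside the hunk, so how creation is handled is not visible; if it creates an account with the same email, it will presumably either fail the uniqueness check or, where unique emails are not enforced, produce a second account for the address. I would handle the existing-but-unregistered case explicitly (add the role or reject the grant) and confirm that the failure response does not tell the client whether the email is registered under another client. Separately, `email` comes straight from `context.Request.Raw["email"]`, so a guard such as `if (string.IsNullOrWhiteSpace(email))` that fails the grant before the lookup would be worth adding.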